protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
var context = new HttpContextWrapper(HttpContext.Current);
if (!string.IsNullOrEmpty(AuthSettings.EnableAuth) &&
AuthSettings.EnableAuth.Equals(false.ToString(), StringComparison.OrdinalIgnoreCase))
{
context.User = new TryWebsitesPrincipal(new TryWebsitesIdentity("*****@*****.**", null, "Local"));
return;
}
if (!SecurityManager.TryAuthenticateSessionCookie(context))
{
// Support requests from non-browsers with bearer headers
if (context.IsFunctionsPortalBackendRequest() && !context.IsBrowserRequest() &&
SecurityManager.TryAuthenticateBearer(context))
{
return;
}
if (SecurityManager.HasToken(context))
{
// This is a login
SecurityManager.AuthenticateRequest(context);
return;
}
var route = RouteTable.Routes.GetRouteData(context);
// If the route is not registered in the WebAPI RouteTable
// then it's not an API route, which means it's a resource (*.js, *.css, *.cshtml), not authenticated.
// If the route doesn't have authenticated value assume true
var isAuthenticated = route != null && ((route.Values["authenticated"] == null || (bool)route.Values["authenticated"]) && !(route.Values["action"] != null && String.Equals(route.Values["action"].ToString(), "All", StringComparison.OrdinalIgnoreCase)));
if (isAuthenticated)
{
SecurityManager.AuthenticateRequest(context);
}
else if (context.IsBrowserRequest())
{
SecurityManager.HandleAnonymousUser(context);
}
}
}
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
var context = new HttpContextWrapper(HttpContext.Current);
if (!string.IsNullOrEmpty(AuthSettings.EnableAuth) &&
AuthSettings.EnableAuth.Equals(false.ToString(), StringComparison.OrdinalIgnoreCase))
{
context.User = new TryWebsitesPrincipal(new TryWebsitesIdentity("*****@*****.**", null, "Local"));
return;
}
if (!SecurityManager.TryAuthenticateSessionCookie(context))
{
// Support requests from non-browsers with bearer headers
if (context.IsFunctionsPortalBackendRequest() && !context.IsBrowserRequest() &&
SecurityManager.TryAuthenticateBearer(context))
{
return;
}
if (SecurityManager.HasToken(context))
{
// This is a login
SecurityManager.AuthenticateRequest(context);
return;
}
var route = RouteTable.Routes.GetRouteData(context);
// If the route is not registered in the WebAPI RouteTable
// then it's not an API route, which means it's a resource (*.js, *.css, *.cshtml), not authenticated.
// If the route doesn't have authenticated value assume true
var isAuthenticated = route != null && (route.Values["authenticated"] == null || (bool)route.Values["authenticated"]);
if (isAuthenticated)
{
SecurityManager.AuthenticateRequest(context);
}
else if (context.IsBrowserRequest())
{
SecurityManager.HandleAnonymousUser(context);
}
}
else //coming in from auth provider . Now lets return to the source (Try Functions)
{
if (!context.IsBrowserRequest())
{
return;
}
if (context.Request["state"] == null)
{
return;
}
if (!context.Request["state"].Contains("appServiceName=Function"))
{
return;
}
if (context.User == null)
{
return;
}
var cookie = CreateSessionCookieData(context.User);
var state = context.Request["state"];
var redirectlocation = state.Split('?')[0];
Response.Redirect($"{redirectlocation}?cookie={cookie}&state={Uri.EscapeDataString(state)}", true);
}
}